root/branches/2.1/wp-includes/default-filters.php

Revision 5040, 6.5 kB (checked in by markjaquith, 2 years ago)

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for 2.1

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
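<?php
// Default filter and action registrations.
//
// Hook callbacks run in ascending priority order (default priority 10), and
// callbacks registered at the same priority run in registration order, so the
// order of the add_filter()/add_action() lines for a given hook is significant.
//
// Two kinds of hooks appear below:
//  - pre_* hooks are applied to submitted values on the way in, before they are
//    stored. The usual chain for a plain-text field is
//    strip_tags -> trim -> wp_filter_kses (all at priority 10), then
//    wp_specialchars at priority 30 so entity encoding happens after tag
//    filtering rather than before it. URL fields use clean_url instead of kses.
//  - Output hooks (the_title, the_content, comment_text, *_rss, ...) format
//    stored values for display or for feeds.

// Some default filters
add_filter('bloginfo', 'wp_specialchars');
add_filter('category_description', 'wptexturize');
add_filter('list_cats', 'wptexturize');
add_filter('comment_author', 'wptexturize');
add_filter('comment_text', 'wptexturize');
add_filter('single_post_title', 'wptexturize');
add_filter('the_title', 'wptexturize');
add_filter('the_content', 'wptexturize');
add_filter('the_excerpt', 'wptexturize');
add_filter('bloginfo', 'wptexturize');

// Comments, trackbacks, pingbacks
//
// Commenter name, e-mail and URL are sanitized on input. Note that
// pre_comment_content gets no kses call in this file: users holding the
// unfiltered_html capability may post raw HTML, so kses for everyone else is
// presumably registered conditionally elsewhere (kses init) -- confirm there.
// The comment_form nonce action below exists so that a forged cross-site
// submission cannot ride on an unfiltered_html user's session to store script
// (xsrf -> xss; see #3973).
add_filter('pre_comment_author_name', 'strip_tags');
add_filter('pre_comment_author_name', 'trim');
add_filter('pre_comment_author_name', 'wp_specialchars', 30);

add_filter('pre_comment_author_email', 'trim');
add_filter('pre_comment_author_email', 'sanitize_email');

add_filter('pre_comment_author_url', 'strip_tags');
add_filter('pre_comment_author_url', 'trim');
add_filter('pre_comment_author_url', 'clean_url');

// rel="nofollow" is applied to links in comment bodies at 15, before the
// tag-balancing pass at 30.
add_filter('pre_comment_content', 'wp_rel_nofollow', 15);
add_filter('pre_comment_content', 'balanceTags', 30);

// kses runs at the default priority, i.e. after the strip_tags/trim calls
// above and before the wp_specialchars call registered at 30.
add_filter('pre_comment_author_name', 'wp_filter_kses');
add_filter('pre_comment_author_email', 'wp_filter_kses');
add_filter('pre_comment_author_url', 'wp_filter_kses');

// Emits the nonce field that ties an unfiltered_html comment to the form the
// user actually loaded (the #3973 fix).
add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');

// Default filters for these functions
add_filter('comment_author', 'wptexturize');
add_filter('comment_author', 'convert_chars');
add_filter('comment_author', 'wp_specialchars');

// Address obfuscation for displayed commenter e-mails.
add_filter('comment_email', 'antispambot');

// The flood check receives three arguments (see accepted_args = 3).
add_filter('comment_flood_filter', 'wp_throttle_comment_flood', 10, 3);

add_filter('comment_url', 'clean_url');

// Display chain for comment text; force_balance_tags (25) runs before
// wpautop (30), smilies are converted at 20.
add_filter('comment_text', 'convert_chars');
add_filter('comment_text', 'make_clickable');
add_filter('comment_text', 'force_balance_tags', 25);
add_filter('comment_text', 'wpautop', 30);
add_filter('comment_text', 'convert_smilies', 20);

add_filter('comment_excerpt', 'convert_chars');

// Categories
add_filter('pre_category_name', 'strip_tags');
add_filter('pre_category_name', 'trim');
add_filter('pre_category_name', 'wp_filter_kses');
add_filter('pre_category_name', 'wp_specialchars', 30);
add_filter('pre_category_description', 'wp_filter_kses');

// Links
// URL-like link fields (url, image, rss) go through clean_url; the free-text
// fields (name, target, rel) go through the kses chain.
add_filter('pre_link_name', 'strip_tags');
add_filter('pre_link_name', 'trim');
add_filter('pre_link_name', 'wp_filter_kses');
add_filter('pre_link_name', 'wp_specialchars', 30);
add_filter('pre_link_description', 'wp_filter_kses');
add_filter('pre_link_notes', 'wp_filter_kses');
add_filter('pre_link_url', 'strip_tags');
add_filter('pre_link_url', 'trim');
add_filter('pre_link_url', 'clean_url');
add_filter('pre_link_image', 'strip_tags');
add_filter('pre_link_image', 'trim');
add_filter('pre_link_image', 'clean_url');
add_filter('pre_link_rss', 'strip_tags');
add_filter('pre_link_rss', 'trim');
add_filter('pre_link_rss', 'clean_url');
add_filter('pre_link_target', 'strip_tags');
add_filter('pre_link_target', 'trim');
add_filter('pre_link_target', 'wp_filter_kses');
add_filter('pre_link_target', 'wp_specialchars', 30);
add_filter('pre_link_rel', 'strip_tags');
add_filter('pre_link_rel', 'trim');
add_filter('pre_link_rel', 'wp_filter_kses');
add_filter('pre_link_rel', 'wp_specialchars', 30);

// Users
// Note: pre_user_description is kses-filtered but not strip_tags'd, unlike the
// name fields -- limited markup is apparently allowed there.
add_filter('pre_user_display_name', 'strip_tags');
add_filter('pre_user_display_name', 'trim');
add_filter('pre_user_display_name', 'wp_filter_kses');
add_filter('pre_user_display_name', 'wp_specialchars', 30);
add_filter('pre_user_first_name', 'strip_tags');
add_filter('pre_user_first_name', 'trim');
add_filter('pre_user_first_name', 'wp_filter_kses');
add_filter('pre_user_first_name', 'wp_specialchars', 30);
add_filter('pre_user_last_name', 'strip_tags');
add_filter('pre_user_last_name', 'trim');
add_filter('pre_user_last_name', 'wp_filter_kses');
add_filter('pre_user_last_name', 'wp_specialchars', 30);
add_filter('pre_user_nickname', 'strip_tags');
add_filter('pre_user_nickname', 'trim');
add_filter('pre_user_nickname', 'wp_filter_kses');
add_filter('pre_user_nickname', 'wp_specialchars', 30);
add_filter('pre_user_description', 'trim');
add_filter('pre_user_description', 'wp_filter_kses');
add_filter('pre_user_url', 'strip_tags');
add_filter('pre_user_url', 'trim');
add_filter('pre_user_url', 'clean_url');
add_filter('pre_user_email', 'trim');
add_filter('pre_user_email', 'sanitize_email');

// Places to balance tags on input (late, at 50, so it sees the output of any
// earlier save-time filters)
add_filter('content_save_pre', 'balanceTags', 50);
add_filter('excerpt_save_pre', 'balanceTags', 50);
add_filter('comment_save_pre', 'balanceTags', 50);

// Misc. title, content, and excerpt filters
add_filter('the_title', 'convert_chars');
add_filter('the_title', 'trim');

add_filter('the_content', 'convert_smilies');
add_filter('the_content', 'convert_chars');
add_filter('the_content', 'wpautop');

add_filter('the_excerpt', 'convert_smilies');
add_filter('the_excerpt', 'convert_chars');
add_filter('the_excerpt', 'wpautop');
add_filter('get_the_excerpt', 'wp_trim_excerpt');

add_filter('sanitize_title', 'sanitize_title_with_dashes');

// RSS filters
// ent2ncr runs early (priority 8) on every feed hook so named entities are
// turned into numeric references before the other feed filters see the text.
add_filter('the_title_rss', 'strip_tags');
add_filter('the_title_rss', 'ent2ncr', 8);
add_filter('the_title_rss', 'wp_specialchars');
add_filter('the_content_rss', 'ent2ncr', 8);
add_filter('the_excerpt_rss', 'convert_chars');
add_filter('the_excerpt_rss', 'ent2ncr', 8);
add_filter('comment_author_rss', 'ent2ncr', 8);
add_filter('comment_text_rss', 'wp_specialchars');
add_filter('comment_text_rss', 'ent2ncr', 8);
add_filter('bloginfo_rss', 'ent2ncr', 8);
add_filter('the_author', 'ent2ncr', 8);

// Misc filters
add_filter('option_ping_sites', 'privacy_ping_filter');
add_filter('option_blog_charset', 'wp_specialchars');
// Underscore-prefixed callbacks are internal TinyMCE (RTL) helpers.
add_filter('mce_plugins', '_mce_load_rtl_plugin');
add_filter('mce_buttons', '_mce_add_direction_buttons');

// Redirect Old Slugs
add_action('template_redirect', 'wp_old_slug_redirect');
add_action('edit_post', 'wp_check_for_changed_slugs');
add_action('edit_form_advanced', 'wp_remember_old_slug');

// Actions
add_action('wp_head', 'rsd_link');
add_action('wp_head', 'locale_stylesheet');
add_action('publish_future_post', 'wp_publish_post', 10, 1);
// noindex is registered at priority 1 so it is emitted at the top of wp_head.
add_action('wp_head', 'noindex', 1);
add_action('wp_head', 'wp_print_scripts');
// Do not hook the cron runner into init when this request is itself the cron
// run (DOING_CRON is defined by the cron entry point) -- presumably to avoid
// re-entry. Braced so a later addition cannot silently fall outside the guard.
if (!defined('DOING_CRON')) {
    add_action('init', 'wp_cron');
}
add_action('do_feed_rdf', 'do_feed_rdf', 10, 1);
add_action('do_feed_rss', 'do_feed_rss', 10, 1);
add_action('do_feed_rss2', 'do_feed_rss2', 10, 1);
add_action('do_feed_atom', 'do_feed_atom', 10, 1);
add_action('do_pings', 'do_all_pings', 10, 1);
add_action('do_robots', 'do_robots');
add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
add_action('admin_print_scripts', 'wp_print_scripts', 20);
add_action('mce_options', '_mce_set_direction');
// No closing "?>": this file only registers hooks, and omitting the tag rules
// out stray whitespace being sent as output before headers.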